LEG012 - Privacy Policy and Procedure
Compiled by Nicola Bursnall
Policy Manager / Approved
by Signature of Approver
Sarah Pietersen
Shared with
All FC Employees 1
Policy Implementation Date 1 July 2021
Competency Test
Policy Review Date 1 July 2022
Version V.1 July 2021
1. INTRODUCTION & PURPOSE:
In accordance with the Protection of Personal Information Act, 4 of 2013 (“the Act”),
which came into effect on 1 July 2021, this document constitutes both the Privacy Policy
statement of Faircape, as well as its Guideline for implementation. This sets out the details
and measures applied when processing of personal information occurs within its
operations including its associated divisions.
2. SCOPE
This policy is applicable to all employees of Faircape Group Holdings (Pty) Ltd, Faircape
Management Trust, Faircape Life (Pty) Ltd, Faircape Health, Faircape Communications
(Pty) Ltd, Faircape Sales & Leasing CC, FMS Property Managers CC, Internect South Africa
CC, Claims Facilitation Services (Pty) Ltd and Faircape Financial Services (Pty) Ltd
(hereinafter collectively referred to as “Faircape”).
3. WHAT CONSTITUTES PERSONAL INFORMATION?
Personal and Special Information refers to to any information relating to an identifiable,
living, natural person (and existing juristic persons, where applicable), including
information relating to race, gender, sex, pregnancy, marital status, mental health,
well-being, disability, religion, belief, culture, language and birth; Education, medical,
financial, criminal, biometric information; or employment; identity numbers, electronic
and physical addresses, telephone numbers and on-line identifiers; Personal opinions,
views or preference; correspondence sent by a person implicitly or explicitly of a personal
nature or confidential; trade union membership, political persuasion, biometric information
or criminal behaviour; and surveillance footage.
4. EXCEPTIONS TO THE ACT
Please note that the prohibition of processing of medical information does not apply to
medical professionals, healthcare facilities, institutions, social services, insurance
companies, medical aid scheme administrators and managed healthcare organisations.
LEG012 - Faircape Group Privacy Policy and Procedure V1 June 2021 Page 1 of 4
5. REQUIREMENTS PRIOR TO REQUESTING PERSONAL INFORMATION FOR PROCESSING OR
STORAGE
Always ensure that:
5.1. You have received consent from the person whom’s Personal Information you are
processing;
5.2. The processing of the Personal Information serves the legitimate interests of both the
person whom’s information is being processed and Faircape; and
5.3. Processing otherwise complies with an obligation imposed by law on Faircape.
If you are uncertain, please ask your Head of Department or the relevant Information
Officer.
6. ENSURING COMPLIANCE WITH THE ACT
In order to ensure that personal information of all employees, clients, contractors,
residents, service providers and suppliers is processed and stored in accordance with the
Act, the following steps should be taken:
6.1. Only Collect Necessary Personal Information
6.1.1. Only collect information which is required in terms of an agreement and is
in compliance with the law.
For Example : You may only collect those documents (Identity document & Proof of
Address) required in order to verify a person's identity in respect of the Financial
Intelligence Centre Act (“Fica”) or documents which you require to fulfill an
obligation under a contract, ie. bank details to take a debit order payment.
6.2. Only store copies of any documentation containing personal information on google
drive, in a designated folder for a specified period.
6.2.1. Once you have uploaded or transferred the information supplied to you by
any clients, customers, suppliers, contractors or service providers (provided
that it is not a requisite to keep this information for a certain period of time),
delete the documentation.
6.2.2. Do not store any documents containing personal or special information on
your personal drive or in any open access folders;
6.2.3. Each workstation / department within Faircape is responsible for attending
to the destruction of its documents, which must be done on a regular basis
(at least once every 3 months).
6.2.4. All hardcopy files and folders must be checked to make sure that there are
no original documents which need to be kept or can be returned to the
Owner instead of destroying;
LEG012 - Faircape Group Privacy Policy and Procedure V1 June 2021 Page 2 of 4
6.2.5. Documents containing personal information must be destroyed and or
shredded by the appropriate company.
See SAICA Guideline on Retention of Records
6.3. Keep information confidential
All employees and contractors of Faircape have a duty of confidentiality in relation
to Faircape employees and any other persons’ personal information. Hereunder
some actions which should be taken to prevent contravention with the Act:
6.3.1. Take your printing with you immediately after inputting your credentials in
the printer and dispose of it in the recycle bins provided once you are
done.
If you do not have a user box, please advise the IT department so that an
account can be set up for you.
6.3.2. Always place documents containing personal information in envelopes
before leaving it at reception and Insist on receiving documents in
envelopes.
6.3.3. Remove any previous emails in any email thread which contain personal or
special information before sharing with other employees and / or other
parties.
6.4. Amendments to Personal Information
6.4.1. All persons may make a request, in writing, to Faircape to update, correct
or delete their personal information on reasonable grounds. On receipt of
the request, you must:
6.4.1.1. take all reasonable steps to confirm the party’s identity before
providing details of or making changes to their personal
information; and
6.4.1.2. In the event that a person requests that their personal
information be deleted, you must direct that query to the
Information Officer who shall advise on the manner in which to
respond.
6.5. Breach of Personal Information
6.5.1. If you suspect or become aware of any breach in which personal
information processed or stored by Faircape to the drive and / or any other
method has been compromised, notify your Head of Department and the
information officer immediately.
6.5.2. Once notified of a suspicion of a data breach, the Information Officer shall
immediately investigate the matter and where applicable, notify the board
of directors, trustees or members. A decision shall be made whether or not
this requires notification to the Regulator and/or the relevant third party
whose information has been breached (if known).
LEG012 - Faircape Group Privacy Policy and Procedure V1 June 2021 Page 3 of 4
7. DISCLAIMER TO BE ADDED TO EMPLOYEE EMAIL SIGNATURES
The following disclaimer must be added to the bottom of each employee's email
signature:
The information contained in this email is legally privileged and confidential and
may contain personal information. It is meant solely for the intended recipient and
access by anyone else is unauthorised. If you are not the intended recipient, please
immediately delete and/or destroy it and notify the sender.
8. APPOINTED INFORMATION OFFICERS
8.1. It will be the responsibility of the Information Officer, together with the relevant board
of directors, trustees or members, to, inter alia, decide on and record acceptance of
the POPI policy and procedure as contained herein.
The Information Officer shall be responsible for performing an annual assessment of
the data processed by Faircape to identify, assess and address risks, as far as
indicated from the outcome of such assessment.
8.2. The following Information Officers have been appointed for each entity:
8.2.1. Faircape Group Holdings (Pty) Ltd, Faircape Health, Faircape
Communications (Pty) Ltd, Faircape Property Managers CC, Faircape Sales
& Leasing CC, Claims Facilitation Services (Pty) Ltd and Faircape Financial
Services (Pty) Ltd:
Information Officer: Gamiema Abrahams
Tel number: 021 815 5700
Email address: [email protected]
8.2.2. Faircape Life (Pty) Ltd and Faircape Management Trust:
Information Officer: Sarah Pietersen
Tel number: 021 815 5700
Email address: [email protected]
LEG012 - Faircape Group Privacy Policy and Procedure V1 June 2021 Page 4 of 4